Recently I started noticing automatically created PR’s (like created by Dependabot) failing due to empty Secrets.
When re-running the jobs all Secrets work again.
The GITHUB_TOKEN does not seem to be affected.
That change was intentional, because of a potential security problem:
1 Like
Completely missed that, thank you.
1 Like
What’s the fix for this? How do I get back to Dependabot working as expected in the most secure fashion?
Depends on the details of your workflow, but the changelog entry links to this article which discusses dangers and possibilities: